Published in: Business & Information Systems Engineering 2/2021

18-03-2020 | Research Paper

Quantifying Risk Propagation Within a Network of Business Processes and IT Services

Authors: Oscar González-Rojas, Nicolás Castro, Sebastian Lesmes

Abstract

Nowadays, the organic nature of business processes and the increasingly complex and dynamic business environment make organizations face severe operational risks. However, current risk analysis methods for Information Technology (IT) resources ignore inter-process correlation and thus inter-process risk propagation. This gap needs a solution, since the rigid alignment of organizations causes the risks that propagate throughout the whole organization to be the most serious operational risks. This paper presents a holistic approach for quantifying risk propagation in business processes based on the risk analysis of their underlying IT and human resources. This approach adapts financial techniques to quantify the level of risk that average and severe events on IT resources generate on individual business processes, and to quantify the risk propagation impact among dependent processes. This approach was applied to an enterprise modeling case study to quantify risk propagation for different risk epicenter scenarios. The results show that the proposed approach is capable of finding and quantifying both direct and indirect dependencies among operational assets within an organization. A high level of accuracy was observed when comparing the actual value of the process risk and the projected value considering risk propagation.

Footnotes
1. The risk quantification dataset can be found at: https://github.com/governit/EnterpriseModelling.
 
Metadata
Title
Quantifying Risk Propagation Within a Network of Business Processes and IT Services
Authors
Oscar González-Rojas
Nicolás Castro
Sebastian Lesmes
Publication date
18-03-2020
Publisher
Springer Fachmedien Wiesbaden
Published in
Business & Information Systems Engineering / Issue 2/2021
Print ISSN: 2363-7005
Electronic ISSN: 1867-0202
DOI
https://doi.org/10.1007/s12599-020-00634-3
